About viruses

Recommendations about Viruses

What is a virus?

A computer virus is a type of computer program that is designed to hide in the background and replicate itself from one computer to another by attaching itself to existing programs or parts of the operating system. Computer viruses often infect many programs on the same system, or even parts of the operating system, in an attempt to spread themselves as far as possible. In addition to this general definition, there are several types of virus; the main types are described below:

Boot virus:

A boot sector virus infects boot sectors on diskettes and/or hard disks. On diskettes, the boot sector normally contains code to load the operating system files. The virus replaces the original boot sector with itself and either stores the original boot sector somewhere else on the diskette or simply overwrites it entirely. When a computer is later booted from this diskette, the virus takes control and hides in RAM. It then loads and executes the original boot sector, and from then on everything appears to work as usual, except that every diskette inserted in the computer will be infected with the virus unless it is write-protected. A boot sector virus will usually hide at the top of memory, reducing the amount of memory that DOS sees. For example, a computer with 640K might appear to have only 639K. Most boot sector viruses are also able to infect hard disks, where the process is similar to that described above, although they usually infect the master boot record instead of the DOS boot record.
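As an added illustration (not part of the original CERN page), the two symptoms described above can be checked from the defender's side: a boot sector that no longer matches a known-good copy, and a BIOS that reports less than 640K. The sketch assumes the memory size is read from the BIOS Data Area word at 0040:0013h; the helper names and the sample sector and BDA bytes are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BDA_BASE_MEM_OFFSET = 0x13  # word at 0040:0013h: conventional memory in KB


def check_boot_state(sector, bda, baseline_sha256, expected_kb=640):
    """Return a list of findings; an empty list means nothing suspicious."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("a boot sector is exactly 512 bytes")
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("boot sector differs from the known-good baseline")
    (reported_kb,) = struct.unpack_from("<H", bda, BDA_BASE_MEM_OFFSET)
    if reported_kb < expected_kb:
        findings.append(
            f"BIOS reports {reported_kb}K of {expected_kb}K: "
            f"{expected_kb - reported_kb}K hidden at top of memory")
    return findings


def make_sector(code):
    """Constructed sample: pad to 510 bytes and append the boot signature."""
    return code.ljust(510, b"\x00") + b"\x55\xaa"


def make_bda(kb):
    """Constructed sample: 256-byte BIOS Data Area, only the memory word set."""
    bda = bytearray(256)
    struct.pack_into("<H", bda, BDA_BASE_MEM_OFFSET, kb)
    return bytes(bda)


# Constructed placeholder bytes, not real boot code.
CLEAN = make_sector(b"\xeb\x3c\x90CLEANBOOT")
CHANGED = make_sector(b"\xeb\x3c\x90OTHERCODE")  # stands in for a replaced sector
BASELINE = hashlib.sha256(CLEAN).hexdigest()

if __name__ == "__main__":
    print("clean machine:", check_boot_state(CLEAN, make_bda(640), BASELINE))
    for finding in check_boot_state(CHANGED, make_bda(639), BASELINE):
        print("FINDING:", finding)
```

The baseline hash has to be recorded while the machine is known to be clean, and the comparison is only trustworthy when the sector is read after booting from clean, write-protected media.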

Macro virus:

A macro virus is a computer virus that "infects" a Microsoft Office or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless. A typical effect is the undesired insertion of some comic text at certain points when writing a line. A macro virus is often spread as an e-mail virus, or inside an infected document.

Polymorphic virus:

These viruses create a new decryption routine each time they infect, so every infected file will have a different sequence of virus code. Some new viruses use different approaches to be polymorphic. The virus contains some encrypted tables describing which operations a virus takes. When such a virus infects a file, it uses those tables to generate a whole new polymorphic virus. It may place part of the code at randomly selected locations, use different binary representations for each operation, etc. Macro viruses can also be polymorphic. In its trivial form, a polymorphic macro virus simply adds randomly generated comments to randomly selected lines of virus source code. All this means that the virus can mutate in different ways to defeat virus scanners.
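The following added example (not from the original page) shows, from the scanner's side, why the trivial macro form defeats an exact-match signature and how normalizing the source before hashing restores the match. The macro text is constructed and harmless, and the function names are assumptions of the example.

```python
import hashlib
import re


def strip_comment(line):
    """Remove a VBA comment: a Rem statement, or ' outside a string literal."""
    if re.match(r"\s*rem(\s|$)", line, re.IGNORECASE):
        return ""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def normalize(source):
    """Drop comments, blank lines and spacing differences before hashing."""
    lines = (re.sub(r"\s+", " ", strip_comment(raw)).strip()
             for raw in source.splitlines())
    return "\n".join(line for line in lines if line)


def exact_sig(source):
    return hashlib.sha256(source.encode()).hexdigest()


def normalized_sig(source):
    return hashlib.sha256(normalize(source).encode()).hexdigest()


# Constructed, harmless macro text; the "random" comments are made up.
BASE = 'Sub AutoOpen()\n    MsgBox "It\'s only a demo"\nEnd Sub\n'
VARIANT_A = ("' qzkfh 48213\nSub AutoOpen()\n"
             '    MsgBox "It\'s only a demo"   \' xj2 lpw\nEnd Sub\n')
VARIANT_B = ('Sub AutoOpen()\nRem 9917 mvbt\n'
             '    MsgBox "It\'s only a demo"\n\' ttr 0021\nEnd Sub\n')
OTHER = 'Sub AutoOpen()\n    MsgBox "A different macro"\nEnd Sub\n'

if __name__ == "__main__":
    for name, src in [("A", VARIANT_A), ("B", VARIANT_B), ("other", OTHER)]:
        print(name,
              "exact match:", exact_sig(src) == exact_sig(BASE),
              "normalized match:", normalized_sig(src) == normalized_sig(BASE))
```

Normalizing text only covers the comment-insertion form; the other forms described above change the code itself, so a text-level signature does not catch them.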

Trojan horses:

A Trojan horse is any program that, once run, does something that the user doesn't want or request. The program doesn't necessarily infect other files or spread to other systems. It is the generic term to refer to any software that is intentionally coded to do something other than what it is supposed to. Some people think of viruses as a special form of Trojan horse: one that can infect other files (thus turning them into Trojan horses) and duplicate itself. Trojan horses are sometimes just called "Trojans" for short. 

Worm virus:

Worms are very similar to viruses in that they are computer programs that replicate themselves and that often, but not always, contain some functionality that will interfere with the normal use of a computer or a program. 
The difference is that unlike viruses, worms exist as separate entities; they do not attach themselves to other files or programs. A worm can spread itself automatically over the network from one computer to the next. Worms take advantage of automatic file sending and receiving features found on many computers.

Why are viruses bad?

A computer virus will often have a "trigger", such as a specific date or a specific program being run, that will perform a benign event such as flashing a message on the user's screen. Some viruses will perform more malicious deeds, however, deleting or scrambling users' files or their entire system.
Some viruses also slow down a user's system, disable specific functions, or cause erratic system behavior. New ones try to deactivate antivirus and personal firewall products, and more and more often have backdoor or key logger capabilities. In fact, it appears that new-generation viruses include several of these capabilities at the same time.

In conclusion, viruses are bad because they compromise the integrity of your system, your data and your privacy.

How not to get a virus?

First, it is important to know how viruses infect users' systems.
Like biological viruses, computer viruses can only infect a machine by getting inside through an input device.

Input devices can be:

  • Floppy (the most used before email appeared).

  • CD-ROM (illegal copies of games, data from other machines).

  • Modem (file transfer with others).

  • External mass storage (Zip floppy, external hard drive from other systems...).

  • Network card (email, file sharing on Internet or Intranet...).

  • ... Other devices that permit data transfer from one system to another.

If your system is clean and if you don't use any data that came from another machine, it can't be infected by itself.

At CERN, all computers in the domain automatically receive the latest version of Microsoft Forefront Client Security just after their installation.
This product is managed remotely by our service, so users do not need to take care of it. Viruses are automatically reported by each machine immediately after their detection.

To minimize the risk of being infected, users must follow a few recommendations:

  • Do not open any mail attachment that you don't expect.

  • Do not give your email address on non-official websites.

  • Do not surf or download any program on underground websites.

  • Do not share resources of your system without any restrictions.

  • Always apply security patches on your system to prevent virus attacks.

  • And the most important one: Be sure your antivirus is updated and running before doing anything.

How to get rid of a virus?

You can check if your antivirus program is running correctly by looking for the little green checked icon in the system tray.
As you know, to be efficient, antivirus software needs to have its real-time protection enabled to protect all the input/output operations of the system.

NB: Running a deactivated antivirus is as bad as running a system without any antivirus.

If this icon is visible on your PC and you suspect that the PC is infected, the best thing to do is to run a full system scan.
If the scan reports a virus on your machine, you can check what its capabilities are by consulting the Microsoft Malware Protection Center. In most cases, the vendor provides a fix tool to repair systems infected by highly destructive viruses; you can download and use these tools if you are an advanced user. Otherwise, you can send a mail to the helpdesk and wait for antivirus support. In this case, don't forget to give the name of your computer and describe the behaviors caused by the supposed virus.